CVE-2023-6040

CWE-125Out-of-bounds ReadCWE-119Buffer Overflow22 documents8 sources
Severity
7.8HIGH
EPSS
0.0%
top 95.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Linux Kernel Organization LinuxLinux Linux KernelDebian Debian Linux
Timeline
PublishedJan 12
Latest updateFeb 15

Description

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages20 packages

NVDlinux/linux_kernel4.164.19.305+4
Debianlinux< 5.10.209-1+3
Ubuntulinux< 5.15.0-92.102
Ubuntulinux-kvm< 5.4.0-1105.112+1

Also affects: Debian Linux 10.0

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

9
OSV
linux-oracle, linux-oracle-5.15 vulnerabilities2024-02-06
OSV
linux-nvidia vulnerabilities2024-01-30
OSV
linux-kvm vulnerabilities2024-01-29
OSV
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi vuln2024-01-26
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-01-25

📋Vendor Advisories

12
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-02-15
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-02-09
Ubuntu
Kernel Live Patch Security Notice2024-02-07
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-02-06
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-01-30
CVE-2023-6040 (HIGH CVSS 7.8) | An out-of-bounds access vulnerabili | cvebase.io